Skip to main content

Origin Validation Error

CVE-2022-25146

Severity Medium
Score 5.3/10

Summary

The Remote App module in Liferay Portal 7.4.3.4 through 7.4.3.8 and Liferay DXP through v7.4 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-346 - Origin Validation Error

The software does not properly verify that the source of data or communication is valid.

Advisory Timeline

  • Published